<?php
/*
	Obelix BB - Obelix Bulletin Board.
	
	Auteur : Fy - http://fee.lya.eu

	## Fonctions membres ##
*/

// Traite les intérêts.
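/**
 * Render a comma-separated list (interests, movies, music...) as a run of links.
 *
 * Every non-empty item becomes an anchor to the "interests" page
 * (?p=interests&world=ITEM) followed by ", ", including the last one.
 *
 * NOTE(review): items are written into the href, the name attribute and the
 * link text exactly as received. In this file the profile columns are passed
 * through htmlentities() before they are stored, and that write-time encoding
 * is the only thing keeping markup out of this output. Any other writer to
 * those columns has to encode as well, or this function must escape on output.
 *
 * @param string $interests Items separated by ", ".
 * @return string HTML fragment; an empty string when there is no item.
 */
function view_interests($interests)
{
	$result = '';
	foreach (explode(', ', $interests) as $item) {
		// Skip only truly empty entries: a valid item such as "0" is kept and
		// does not end the list, and nothing is read past the end of the array.
		if ($item === '') {
			continue;
		}
		$result .= '<a href="?p=interests&world='.$item.'" name="'.$item.'">'.$item.'</a>, ';
	}
	return $result;
}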


// Module de validation.
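/**
 * Account-validation module: checks the code carried by the confirmation link
 * and, when it matches the stored one, marks the account as valid.
 *
 * Reads $_GET['id'] (account id) and $_GET['code'] (validation code).
 *
 * NOTE(review): nothing here limits the number of attempts per account, and
 * the code issued at registration is a six-digit number. An attempt counter
 * or an expiry on the stored code would make guessing impractical.
 *
 * @return string HTML fragment: heading followed by the success or failure message.
 */
function mod_valid()
{
	global $config;
	$result = '<h3>'._('validation').'</h3>';

	// idu is a numeric key (the other queries in this file use it unquoted),
	// so an integer cast removes anything else the request parameter carries
	// before it reaches the SQL text.
	$id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;
	$given = (isset($_GET['code']) && is_scalar($_GET['code'])) ? (string) $_GET['code'] : '';

	$activated = false;
	if ($id > 0 && $given !== '') {
		$mysql = mysql_query('SELECT valid 
				      FROM '.$config['mysql_prefix'].'users_infos 
				      WHERE idu='.$id);
		$code = $mysql ? mysql_fetch_array($mysql) : false;

		// Strict string comparison on an existing row only: with a loose ==,
		// an unknown id (no row, so null) compared equal to an empty code.
		if ($code && (string) $code['valid'] === $given) {
			mysql_query('UPDATE '.$config['mysql_prefix'].'users_infos 
				     SET valid="1" 
				     WHERE idu='.$id);
			$activated = true;
		}
	}

	$result .= $activated ? _('valid_ok') : _('valid_pas_ok');
	return $result;
}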

// Module de visualisation des fiches.
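/**
 * Profile-card module: renders the public profile of one member.
 *
 * The member is $_GET['id'], or the logged-in member when no id is given.
 * When the id does not resolve to a member, or the query fails, only the
 * heading is returned.
 *
 * NOTE(review): the profile columns are echoed as stored. In this file they
 * are passed through htmlentities() on write, and this view relies on that.
 * The website value is additionally checked here, because entity-encoding does
 * not constrain the URL scheme of a value that ends up in an href.
 *
 * @return string HTML fragment.
 */
function mod_view() 
{
	global $config;
	$heading = '<h3>'._('fiche_visu').'</h3>';

	if (check_auth() && empty($_GET['id'])) {
		$id = $_SESSION['idu'];
	} else {
		$id = isset($_GET['id']) ? $_GET['id'] : 0;
	}
	// The id is concatenated into the query below; idu is numeric, so cast it.
	$id = is_scalar($id) ? (int) $id : 0;

	$mysql = mysql_query('SELECT idu, username, aboutu, avatar, movies, music, website, signature, books, tv, games, location, interests, sexe, birthday
			      FROM '.$config['mysql_prefix'].'users, '.$config['mysql_prefix'].'users_infos 
			      WHERE idu='.$id.' AND id=idu');
	if (!$mysql) {
		// Keep database error text in the server log instead of the page.
		error_log('mod_view: '.mysql_error());
		return $heading;
	}
	$infos = mysql_fetch_array($mysql);
	if (!$infos) {
		return $heading;
	}

	if (empty($infos['avatar'])) {
		$avatar = $config['dir_avatars'].'/noavatar.png';
	} else {
		$avatar = $config['dir_avatars'].'/'.$infos['idu'].$infos['avatar'];
	}

	$anniv = explode('-', $infos['birthday']);
	$age = age_calc($anniv);

	$sexe = $infos['sexe'] ? _('femme') : _('homme');

	$result = $heading.'<br /><table class="tab">
			<tr style="vertical-align:top">
				<td width="'.($config['avatar_xy']).'" style="text-align:right">
					<img src="'.$avatar.'" alt="'.$avatar.'"/><br />';
	if ($infos['location']) {
		$result .= $infos['location'].' <br />';
	}
	if ($infos['birthday'] != '0000-00-00') {
		$result .= $age._('ans').'<br />';
	}
	if ($infos['sexe'] != -1) {
		$result .= $sexe;
	}
	$result .= '</td>
				<td style="padding-left: 10px">';

	$result .= '<h3>'.$infos['username'].'</h3>
					 ';
	$result .= $infos['aboutu'] ? nl2br($infos['aboutu']) : _('nodesc');

	if ($infos['website']) {
		$result .= '<br /><br /><h3>'._('website').'</h3>
					 ';
		if (preg_match('#^https?://#i', $infos['website'])) {
			// rel="noopener noreferrer" keeps the opened page from reaching
			// back into this window through window.opener.
			$result .= '<a href="'.$infos['website'].'" target="_blank" rel="noopener noreferrer" alt="'.$infos['website'].'">'.$infos['website'].'</a>';
		} else {
			// Anything that is not plain http(s) is shown as text, never as a link.
			$result .= $infos['website'];
		}
	}

	// Column => section title, in display order; each is a comma-separated list.
	$sections = array(
		'interests' => _('fiche_perso'),
		'movies'    => _('movies'),
		'music'     => _('music'),
		'tv'        => _('tv'),
		'books'     => _('books'),
		'games'     => _('games'),
	);
	foreach ($sections as $column => $title) {
		if ($infos[$column]) {
			$result .= '<br /><br /><h3>'.$title.'</h3>
					 '.view_interests($infos[$column]);
		}
	}

	if ($infos['signature']) {
		$result .= '<br /><br /><h3>'._('signature').'</h3>
					 '.nl2br($infos['signature']);
	}
	$result .= '</td>
			</tr>
		   </table>';
	return $result;
}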

// Module liste de membres.
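/**
 * Member-list module: paginated table of validated members.
 *
 * The page number comes from $_GET['page'] and is handed to per_page(), whose
 * result is used here as [0] page size, [1] offset, [2] pager HTML.
 *
 * NOTE(review): username and location are echoed as stored; this relies on the
 * htmlentities() encoding applied when those columns are written.
 *
 * @return string HTML fragment.
 */
function mod_members() {
	global $config;
	$prefix = $config['mysql_prefix'];

	$nb_req = mysql_query('SELECT COUNT(idu) 
			       FROM '.$prefix.'users_infos 
			       WHERE valid=1');
	$nb = $nb_req ? mysql_result($nb_req, 0) : 0;

	$page = isset($_GET['page']) ? $_GET['page'] : null;
	$pages = per_page($nb, $page);

	// The page number is request-controlled and per_page() is not visible
	// here, so both LIMIT operands are forced to non-negative integers before
	// they are placed in the query text.
	$offset = max(0, (int) $pages[1]);
	$count = max(0, (int) $pages[0]);

	$mysql = mysql_query('SELECT idu,avatar,username,website,location,nbm 
			      FROM '.$prefix.'users, '.$prefix.'users_infos 
			      WHERE '.$prefix.'users_infos.idu='.$prefix.'users.id AND '.$prefix.'users_infos.valid=1
			      LIMIT '.$offset.' , '.$count);
	if (!$mysql) {
		// Keep database error text in the server log instead of the page.
		error_log('mod_members: '.mysql_error());
	}

	$result = '<h3>'._('membres').'</h3>';
	$result .= $pages[2];
	$result .= '<table class="tab">
			<tr>
				<th>'._("user").'</th>
				<th>'._("avatar").'</th>
				<th>'._("location").'</th>
				<th>'._("website").'</th>
				<th>'._("messages").'</th>
			</tr>';
	while ($mysql && ($infos = mysql_fetch_array($mysql))) {
		if (empty($infos['avatar'])) {
			$avatar = $config['dir_avatars'].'/noavatar.png';
		} else {
			$avatar = $config['dir_avatars'].'/'.$infos['idu'].$infos['avatar'];
		}

		// Entity-encoding does not constrain a URL scheme, so only plain
		// http(s) values are rendered as a link; anything else stays text.
		if (preg_match('#^https?://#i', $infos['website'])) {
			$website = '<a href="'.$infos['website'].'"  target="_blank" rel="noopener noreferrer">'.$infos['website'].'</a>';
		} else {
			$website = $infos['website'];
		}

		$result .= '<tr>
				<td class="tab_other_1">
					<a href="?p=view&amp;id='.$infos['idu'].'" name="'.$infos['username'].'">'.$infos['username'].'</a>
				</td>
				<td class="tab_other_2">
					<img src="'.$avatar.'" alt="'.$avatar.'" align="middle" />
				</td>
				<td class="tab_other_1">
					'.$infos['location'].'
				</td>
				<td class="tab_other_2">
					'.$website.'
				</td>
				<td class="tab_other_1">
					'.$infos['nbm'].'
				</td>
			</tr>';
	}
	$result .= '</table>';
	$result .= $pages[2];
	return $result;
}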

// Module d'édition de profil.
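/**
 * Profile-editing module (control panel) of the logged-in member.
 *
 * $_GET['action'] selects the tab: none (profile card), "avatar", "info" or
 * "fiche". With $_GET['edit'] == "ok" the tab's form is saved, otherwise the
 * form is displayed.
 *
 * Security notes:
 *  - Every value placed in SQL is either an integer cast or passed through
 *    mysql_real_escape_string(). htmlentities() alone is not an SQL escape:
 *    it leaves backslashes untouched.
 *  - The avatar extension comes from the image type detected by
 *    getimagesize(), never from the client-supplied file name.
 *  - NOTE(review): the three save actions accept a POST without an anti-CSRF
 *    token; a per-session token checked here would close that gap.
 *  - NOTE(review): the website value is stored without restricting its scheme,
 *    and the profile views print it inside an href.
 *
 * @return string HTML fragment.
 */
function mod_controls() 
{
	global $config;
	$result = '';
	if (!check_auth()) {
		$result .= _('auth_erreur2');
		return $result;
	}

	// The member id is only used as a numeric key below.
	$idu = (int) $_SESSION['idu'];
	$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
	$saving = isset($_GET['edit']) && $_GET['edit'] === 'ok';
	$table = $config['mysql_prefix'].'users_infos';

	// Shown after a successful save: sends the browser back to the panel.
	$back = $config['board_uri'].'?p=controls';
	$redirect = '<script language="javascript" type="text/javascript">
				window.location.replace("'.$back.'");
			    </script>';

	$result = '<h3>'._('profil_edit').'</h3>';
	$result .= '<a href="?p=controls" name="'._('fiche').'">'._('fiche').'</a> - 
		<a href="?p=controls&amp;action=avatar" name="'._('avatar').'">'._('avatar').'</a> -
		<a href="?p=controls&amp;action=info" name="'._('info_perso').'">'._('info_perso').'</a> - 
		<a href="?p=controls&amp;action=fiche" name="'._('fiche_perso').'">'._('fiche_perso').'</a>
		<br />';

	if (empty($action)) {
		$result .= '<br />'.mod_view();
	} else if ($action === 'avatar') {
		if ($saving) {
			// IMAGETYPE_GIF = 1, IMAGETYPE_JPEG = 2, IMAGETYPE_PNG = 3.
			$all_types = array(1 => '.gif', '.jpg', '.png');
			if (!isset($_FILES['fichier']) || !is_array($_FILES['fichier'])) {
				$result .= _('avatar_nofile');
			} else if ($err = $_FILES['fichier']['error']) {
				if ($err == UPLOAD_ERR_INI_SIZE) {
					$result .= _('avatar_size2');
				} else if ($err == UPLOAD_ERR_FORM_SIZE) {
					$result .= _('avatar_size2');
				} else if ($err == UPLOAD_ERR_PARTIAL) {
					$result .= _('avatar_partial');
				} else if ($err == UPLOAD_ERR_NO_FILE) {
					$result .= _('avatar_nofile');
				}
			} else {
				$image = getimagesize($_FILES['fichier']['tmp_name']);
				if ($image === false || !isset($all_types[$image[2]])) {
					// Not an image, or not one of the three accepted formats.
					$result .= _('avatar_nopic');
				} else {
					$width = $image[0];
					$height = $image[1];
					$type = $all_types[$image[2]];
					$size = $_FILES['fichier']['size'];
					if ($width > $config['avatar_xy'] || $height > $config['avatar_xy']) { 
						$result .= _('avatar_size');
					} else if ($size > $config['avatar_size']) {
						$result .= _('avatar_size2');
					} else {
						$destination = 'avatars/'.$idu.$type;
						if (move_uploaded_file($_FILES['fichier']['tmp_name'], $destination)) {
							// Drop a previous avatar stored under another
							// extension so no stale file is left behind.
							foreach ($all_types as $ext) {
								$stale = 'avatars/'.$idu.$ext;
								if ($ext !== $type && file_exists($stale)) {
									unlink($stale);
								}
							}
							mysql_query('UPDATE '.$table.'
								     SET avatar="'.$type.'"
								     WHERE idu='.$idu);
							$result .= _('maj_ok');
							$_SESSION['avatar'] = $type;
							$result .= $redirect;
						} else {
							// The file could not be stored; the database is
							// left untouched. Closest existing message.
							$result .= _('avatar_partial');
						}
					}
				}
			}
		} else {
			$mysql = mysql_query('SELECT avatar
					      FROM '.$table.' 
					      WHERE idu='.$idu);

			$infos = mysql_fetch_array($mysql);

			if (empty($infos['avatar'])) {
				$avatar = $config['dir_avatars'].'/noavatar.png';
			} else {
				$avatar = $config['dir_avatars'].'/'.$idu.$infos['avatar'];
			}
			$result .= '<table class="tab">
					<tr>
						<td width="'.($config['avatar_xy']+20).'px">
							<img src="'.$avatar.'" alt="'.$avatar.'" align="center" />
						</td>
						<td>
				';
			$result .= '			<form method="post" action="?p=controls&amp;action=avatar&amp;edit=ok" enctype="multipart/form-data">
								<fieldset>
									<legend>'._('info_perso').'</legend>
										<label>'._('file').'<br />
											<input value="" size="40" name="fichier" type="file" />
										</label><br /><br />
										<input type="submit" value="'._('okform').'" />
								</fieldset>
							</form>';
			$result .= '		</td>
					</tr>
				</table>';
		}
	} else if ($action === 'info') {
		if ($saving) {
			// Free-text fields: entity-encode for later display, then escape
			// for the SQL string literal.
			$text = array();
			foreach (array('signature', 'website', 'location') as $field) {
				$raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
				$text[$field] = mysql_real_escape_string(htmlentities($raw));
			}

			// The form only offers 0 and 1.
			$sexe = (isset($_POST['sexe']) && is_scalar($_POST['sexe']) && (int) $_POST['sexe'] === 1) ? 1 : 0;

			// Birthday is rebuilt from integers; an impossible date is stored
			// as the "not set" value the profile view already recognises.
			$parts = array();
			foreach (array('aaaa', 'mm', 'jj') as $field) {
				$parts[$field] = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (int) $_POST[$field] : 0;
			}
			if (checkdate($parts['mm'], $parts['jj'], $parts['aaaa'])) {
				$anniv = sprintf('%04d-%02d-%02d', $parts['aaaa'], $parts['mm'], $parts['jj']);
			} else {
				$anniv = '0000-00-00';
			}

			mysql_query('UPDATE '.$table.'
				     SET signature="'.$text['signature'].'", website="'.$text['website'].'", location="'.$text['location'].'", sexe="'.$sexe.'", birthday="'.$anniv.'"
				     WHERE idu='.$idu);
			$result .= _('maj_ok');
			$result .= $redirect;
		} else {
			$mysql = mysql_query('SELECT sexe, birthday, signature,location,website 
					      FROM '.$table.' 
					      WHERE idu='.$idu);

			$infos = mysql_fetch_array($mysql);
			$anniv = array_pad(explode('-', (string) $infos['birthday']), 3, '');

			$homme = '';
			$femme = '';
			if ($infos['sexe']) {
				$femme = 'SELECTED';
			} else {
				$homme = 'SELECTED';
			}

			$result .= '<form method="post" action="?p=controls&amp;action=info&amp;edit=ok">
					<fieldset>
						<legend>'._('info_perso').'</legend>
							<label>'._('anniversaire').'<br />
								<input type="text" name="jj" value="'.$anniv[2].'" size="2" maxlength="2" /> / <input type="text" name="mm" value="'.$anniv[1].'" size="2" maxlength="2" />  / <input type="text" name="aaaa" value="'.$anniv[0].'" size="4" maxlength="4" /><br />
							</label><br />
							<label>'._('sexe').'<br />
								<select name="sexe"><option value="0" '.$homme.'>'._('homme_f').'</option><option value="1" '.$femme.'>'._('femme_f').'</option></select>
							</label><br /><br />
							<label>'._('location').'<br />
								<input type="text" name="location" value="'.$infos['location'].'" size="30" maxlength="30" /><br />
							</label><br />
							<label>'._('website').'<br />
								<input type="text" name="website" value="'.$infos['website'].'" size="40" maxlength="160" /><br />
							</label><br />
							<label>'._('signature').'<br>
							<textarea name="signature" rows="4" cols="65">'.$infos['signature'].'</textarea><br>
							</label><br />
							<input type="submit" value="'._('okform').'" />
					</fieldset>
				</form>';
		}
	} else if ($action === 'fiche') {
		if ($saving) {
			// Column => form field name (the interests field is posted as "interets").
			$columns = array(
				'aboutu'    => 'aboutu',
				'interests' => 'interets',
				'movies'    => 'movies',
				'music'     => 'music',
				'games'     => 'games',
				'books'     => 'books',
				'tv'        => 'tv',
			);
			$assignments = array();
			foreach ($columns as $column => $field) {
				$raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
				$assignments[] = $column.'="'.mysql_real_escape_string(htmlentities($raw)).'"';
			}
			mysql_query('UPDATE '.$table.'
				     SET '.implode(',', $assignments).' 
				     WHERE idu='.$idu);
			$result .= _('maj_ok');
			$result .= $redirect;
		} else {
			$mysql = mysql_query('SELECT aboutu,interests,movies,music,games,tv,books 
					      FROM '.$table.' 
					      WHERE idu='.$idu);

			$infos = mysql_fetch_array($mysql);

			$result .= '<form method="post" action="?p=controls&amp;action=fiche&amp;edit=ok">
					<fieldset>
						<legend>'._('info_perso').'</legend>
							<label>'._('aboutu').'<br>
							<textarea name="aboutu" rows="4" cols="65">'.$infos['aboutu'].'</textarea><br></label><br />

							<label>'._('fiche_perso').'<br>
							<textarea name="interets" rows="4" cols="65">'.$infos['interests'].'</textarea><br></label><br />

							<label>'._('movies').'<br>
							<textarea name="movies" rows="4" cols="65">'.$infos['movies'].'</textarea><br></label><br />

							<label>'._('music').'<br>
							<textarea name="music" rows="4" cols="65">'.$infos['music'].'</textarea><br></label><br />

							<label>'._('tv').'<br>
							<textarea name="tv" rows="4" cols="65">'.$infos['tv'].'</textarea><br></label><br />

							<label>'._('books').'<br>
							<textarea name="books" rows="4" cols="65">'.$infos['books'].'</textarea><br></label><br />

							<label>'._('games').'<br>
							<textarea name="games" rows="4" cols="65">'.$infos['games'].'</textarea><br></label><br />

							<input type="submit" value="'._('okform').'" />
					</fieldset>
				</form>';
		}
	}
	return $result;
}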

// Module identification.
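/**
 * Login / logout module.
 *
 * action=in  checks $_POST['username'] / $_POST['password'] and opens the session.
 * action=out empties and destroys the session.
 *
 * Security notes:
 *  - The password is hashed exactly as registration stores it, md5() of the
 *    submitted value. Lower-casing or entity-encoding it first would reject
 *    any password containing upper-case letters or characters that
 *    htmlentities() rewrites.
 *  - Hashes are compared with ===, so two different hashes that both look
 *    like numbers are never treated as equal.
 *  - The session id is regenerated on login so an id known before
 *    authentication is not carried into the authenticated session.
 *  - The post-login redirect is honoured only when it stays under
 *    $config['board_uri'] (assumed to be an absolute URL, as it is used to
 *    build the link in the registration e-mail); $_POST['old'] is
 *    client-supplied and is not used as a trust signal.
 *  - NOTE(review): unsalted MD5 is not suitable for password storage. Moving
 *    to password_hash()/password_verify() needs a coordinated change with
 *    registration and the password column, so it is not done here.
 *  - NOTE(review): there is no attempt limiting on failed logins.
 *
 * @return string HTML fragment.
 */
function mod_log() 
{
	global $config;
	$result = '<h3>'._('identification').'</h3>';
	$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';

	if ($action === 'in') {
		$filled = !empty($_POST['username']) && is_string($_POST['username'])
			&& !empty($_POST['password']) && is_string($_POST['password']);
		if (!$filled) {
			$result .= _('form_vide');
		} else {
			// Usernames are stored entity-encoded; the encoded form is then
			// escaped for the SQL string literal.
			$user = mysql_real_escape_string(htmlentities($_POST['username']));
			$mysql = mysql_query('SELECT id, username, password, avatar, valid FROM '.$config['mysql_prefix'].'users, '.$config['mysql_prefix'].'users_infos WHERE username="'.$user.'" AND id=idu');
			$user_infos = $mysql ? mysql_fetch_array($mysql) : false;

			$authenticated = $user_infos
				&& md5($_POST['password']) === (string) $user_infos['password']
				&& (string) $user_infos['valid'] === '1';

			if ($authenticated) {
				session_regenerate_id(true);
				$_SESSION['idu'] = $user_infos['id'];
				$_SESSION['username'] = $user_infos['username'];
				$_SESSION['avatar'] = $user_infos['avatar'];
				$result .= _('auth_ok');

				// Default target: the board itself, emitted as before.
				$target = '"'.$config['board_uri'].'"';

				$base = (string) $config['board_uri'];
				$wanted = (isset($_POST['redirect_url']) && is_string($_POST['redirect_url'])) ? $_POST['redirect_url'] : '';
				if ($base !== '' && strpos($wanted, $base) === 0) {
					// The match must end on a URL boundary, so a longer host
					// name that merely starts with the board's is refused.
					$rest = (string) substr($wanted, strlen($base));
					$on_boundary = substr($base, -1) === '/' || $rest === '' || strpos('/?#', $rest[0]) !== false;
					// json_encode() yields a correctly quoted JavaScript
					// string literal; HTML entities are not decoded in a
					// script block.
					$encoded = $on_boundary ? json_encode($wanted) : false;
					if (is_string($encoded) && $encoded !== 'null') {
						$target = $encoded;
					}
				}

				$result .= '<script language="javascript" type="text/javascript">
						window.location.replace('.$target.');
					    </script>';
			} else {
				$result .= _('auth_erreur');
			}
		}
	} else if ($action === 'out') {
		$_SESSION = array();
		session_destroy();
		$result .= _('out');
		$result .= '<script language="javascript" type="text/javascript">
				window.location.replace("'.$config['board_uri'].'");
			    </script>';
	}
	return $result;
}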

// Module inscription.
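/**
 * Registration module.
 *
 * Without action=ok the sign-up form is shown. With action=ok the posted
 * username / password / mail are checked, the account is created in the
 * "not yet validated" state and a confirmation link is e-mailed.
 *
 * Security notes:
 *  - Values placed in SQL are passed through mysql_real_escape_string();
 *    htmlentities() alone leaves backslashes untouched.
 *  - The e-mail address must pass FILTER_VALIDATE_EMAIL before it is stored
 *    or handed to mail(). No dedicated error message is visible in this file,
 *    so an invalid address is reported like an incomplete form.
 *  - The confirmation e-mail no longer repeats the password in clear text.
 *  - The validation code uses random_int() when the runtime provides it.
 *    NOTE(review): the rand() fallback is predictable, and six digits are few
 *    for a code that is not rate-limited where it is checked.
 *  - NOTE(review): the password is stored as unsalted MD5 because that is what
 *    the login module compares against; both need to move to password_hash()
 *    together.
 *
 * @return string HTML fragment.
 */
function mod_subscribe()
{
	global $config;
	$result = '<h3>'._('inscription').'</h3>';
	$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';

	if ($action === 'ok') {
		$complete = true;
		foreach (array('username', 'password', 'password_conf', 'mail') as $field) {
			if (empty($_POST[$field]) || !is_string($_POST[$field])) {
				$complete = false;
			}
		}

		if (!$complete || filter_var($_POST['mail'], FILTER_VALIDATE_EMAIL) === false) {
			$result .= _('form_vide');
		} else if ($_POST['password'] !== $_POST['password_conf']) {
			// Strict comparison: two different numeric-looking passwords must
			// not be accepted as matching.
			$result .= _('form_dif_pass');
		} 
		else {
			$user = htmlentities($_POST['username']);
			$user_sql = mysql_real_escape_string($user);
			$pass = md5($_POST['password']);
			$mail = $_POST['mail'];
			$mail_sql = mysql_real_escape_string(htmlentities($mail));
	
			$mysql = mysql_query('SELECT COUNT(id) FROM '.$config['mysql_prefix'].'users WHERE username="'.$user_sql.'" OR mail="'.$mail_sql.'"');
			$exist = mysql_result($mysql,0);
			if($exist) {
				$result .= _('user_existe');
			} else {
				mysql_query('INSERT INTO '.$config['mysql_prefix'].'users(username,password,mail) VALUES("'.$user_sql.'","'.$pass.'","'.$mail_sql.'")');
				$idu = (int) mysql_insert_id();
				$valid = function_exists('random_int') ? random_int(100000, 999999) : rand(100000, 999999);
				mysql_query('INSERT INTO '.$config['mysql_prefix'].'users_infos(idu,valid) VALUES("'.$idu.'","'.$valid.'")');
				$title = _('title_mail').$config['board_title'];
				$message = _('message_mail_1').$config['board_uri'].'?p=valid&code='.$valid.'&id=';
				$message .= $idu."\n\n"._('infos')."\n\n"._('user').' : '.$user."\n\n"._('message_mail_2').$config['board_title'];
				$headers = 'From: '.$config['board_mail'].'' . "\r\n" . 'Reply-To: '.$config['board_mail'].'' . "\r\n" . 'X-Mailer: PHP/' . phpversion();
				// The validated, unencoded address is the one used for delivery.
				mail($mail, $title, $message, $headers);
				$result .= _('confirm_insc');
			}
		}
	} else {
		$result .= '<form method="post" action="?p=subscribe&amp;action=ok">
				<fieldset>
					<legend>'._('infos').'</legend>

					<input type="text" name="username" value="'._('user').'" size="16" maxlength="16"  onfocus="if (this.value ==  \''._('user').'\') this.value = \'\';" />
					<br />
					<br />
					<input type="password" name="password" value="'._('pass').'" size="16" maxlength="16"  onfocus="if (this.value == \''._('pass').'\') this.value = \'\';" />
					<br />
					<br />
					<input type="password" name="password_conf" value="'._('pass').'" size="16" maxlength="16" onfocus="if (this.value == \''._('pass').'\') this.value = \'\';" />
					<br />
					<br />
					<input type="text" name="mail" value="'._('mail').'" size="16" maxlength="100"  onfocus="if (this.value == \''._('mail').'\') this.value = \'\';" />
					<br />
					<br />
					<input type="submit" name="login" value="'._('okform').'" />
				</fieldset>
			    </form>';
	}

	return $result;
}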
?>